Secure near field communication (nfc) handshake

ABSTRACT

Technologies are presented for securing NFC exchange through movement of at least one of the communicating devices. In some examples, a first device, utilizing a communication module and a processor, may transmit an initial NFC handshake signal as the first device is being moved relative to a second device. The second device, utilizing a communication module, two or more antennae, and a processor, may receive the initial NFC handshake signal from the first device. Each device may record a movement of the first device. The second device may transmit a message to the first device that includes a recording of the movement at the second device and a temporary secret. Once the first device determines that the movement recorded at the second device matches the movement recorded at the first device, the first device may use the temporary secret to encrypt further communication with the second device.

BACKGROUND

Unless otherwise indicated herein, the materials described in thissection are not prior art to the claims in this application and are notadmitted to be prior art by inclusion in this section.

Near field communication (NFC) may establish radio communication betweentwo or more communication devices that are in close proximity. NFCstandards may cover communications protocols and data exchange formats,and may be based on existing radio-frequency identification (RFID)standards. NFC may build upon RFID systems by allowing two-waycommunication between endpoints. Present applications may includecontactless transactions, data exchange, and simplified setup of morecomplex communications, such as Wi-Fi.

Near Field Communication (NFC) may be vulnerable to an array of attacksranging from malicious URI spoofing to denial of service. Many attacksmay be similar to those that exist on the Web. In addition, NFC oftenrelies on proximity as an ad-hoc authentication mechanism and a way toestablish trust between two NFC exchange partners. The man-in-the-middleattack may be prevalent in the usage case. The NFC protocol does notaddress the issue beyond the assumption that NFC uses low-powertransmission that may only be received from a very short distance.However, an attacker may use high gain antennae or a high powertransmitter that can transmit and receive signals at a greater distance,allowing the attacker, located a further distance away, to interceptcommunication between two legitimate NFC exchange partners, stealsensitive information and inject malicious data.

SUMMARY

The present disclosure generally describes techniques for providingsecure near field communication (NFC) handshake among devices.

According to some examples, a method is described for providing a securenear field communication (NFC) handshake. The method may include a firstdevice transmitting an initial NFC handshake signal, while the firstdevice is being moved relative to a second device. The method may alsoinclude the first device recording a movement of the first device andreceiving a message from the second device that includes a recording ofthe movement at the second device and a temporary secret. The method mayfurther include the first device receiving the temporary secret toencrypt further communication with the second device if the movementrecorded at the second device matches the movement recorded at the firstdevice.

According to other examples, a method is described for providing asecure near field communication (NFC) handshake. The method may includea second device receiving an initial NFC handshake signal from a firstdevice while the first device is being moved relative to the seconddevice. The method may also include the second device recording amovement of the first device and transmitting a message that includes arecording of the movement at the second device and a temporary secret.The method may further include the second device receiving further NFCcommunication from the first device encrypted with the temporary secretif the movement recorded at the second device matches the movementrecorded at the first device.

According to some embodiments, a mobile device is described forproviding a secure near field communication (NFC) handshake. The mobiledevice may include a communication module configured to exchange NFCsignals and a processor. The processor may transmit an initial NFChandshake signal from the mobile device while the mobile device is beingmoved relative to a second device; record a movement of the mobiledevice; and/or receive a message from the second device that includes arecording of the movement at the second device and a temporary secret.If the movement recorded at the second device matches the movementrecorded at the mobile device, the processor may use the receivedtemporary secret to encrypt further communication with the seconddevice.

According to other embodiments, a stationary device is described forproviding a secure near field communication (NFC) handshake. Thestationary device may include a communication module configured toexchange NFC signals, two or more antennae, and a processor. Theprocessor may receive an initial NFC handshake signal from a mobiledevice while the mobile device is being moved relative to the stationarydevice; record a movement of the mobile device at the stationary device;and/or transmit a message from the stationary device that includes arecording of the movement at the stationary device and a temporarysecret. If the movement recorded at the stationary device matches themovement recorded at the mobile device, the processor may receivefurther NFC communication from the mobile device encrypted with thetemporary secret.

According to further embodiments, a computer readable storage medium isdescribed with instructions stored thereon, which when executed on oneor more computing devices may execute a method for providing secure NearField Communication (NFC) exchange. The method may be similar to themethod described above.

The foregoing summary is illustrative only and is not intended to be inany way limiting. In addition to the illustrative aspects, embodiments,and features described above, further aspects, embodiments, and featureswill become apparent by reference to the drawings and the followingdetailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other features of this disclosure will become morefully apparent from the following description and appended claims, takenin conjunction with the accompanying drawings. Understanding that thesedrawings depict only several embodiments in accordance with thedisclosure and are, therefore, not to be considered limiting of itsscope, the disclosure will be described with additional specificity anddetail through use of the accompanying drawings, in which:

FIG. 1 illustrates an example system employing NFC, which may bevulnerable to an attack;

FIG. 2 illustrates an example system for secure NFC exchange employingrelative position movement of one of the communicating devices;

FIG. 3 illustrates one example system for secure NFC exchange employingrelative position movement of one or both of the communicating devices;

FIG. 4 illustrates an example diagram of securing NFC exchange throughmovement of one of the communicating devices;

FIG. 5 illustrates a general purpose computing device, which may be usedto secure NFC exchange through movement of at least one of thecommunicating devices;

FIG. 6 is a flow diagram illustrating an example method for securing NFCexchange through movement of at least one of the communicating devicesthat may be performed by a computing device such as the computing devicein FIG. 5; and

FIG. 7 illustrates a block diagram of an example computer programproduct, all arranged in accordance with at least some embodimentsdescribed herein.

DETAILED DESCRIPTION

In the following detailed description, reference is made to theaccompanying drawings, which form a part hereof. In the drawings,similar symbols typically identify similar components, unless contextdictates otherwise. The illustrative embodiments described in thedetailed description, drawings, and claims are not meant to be limiting.Other embodiments may be utilized, and other changes may be made,without departing from the spirit or scope of the subject matterpresented herein. It will be readily understood that the aspects of thepresent disclosure, as generally described herein, and illustrated inthe Figures, can be arranged, substituted, combined, separated, anddesigned in a wide variety of different configurations, all of which areexplicitly contemplated herein.

This disclosure is generally drawn, inter alia, to methods, apparatus,systems, devices, and/or computer program products related to securingNFC exchange through movement of at least one of the communicatingdevices.

Briefly stated, technologies are generally described for securing NFCexchange through movement of at least one of the devices communicatingvia NFC. A first device, utilizing a communication module and aprocessor, may transmit an initial NFC handshake signal as the firstdevice is being moved relative to a second device. The second device,utilizing a communication module, two or more antennae, and a processor,may receive the initial NFC handshake signal from the first device. Eachdevice may record a movement of the first device. The second device maytransmit a message to the first device that includes a recording of thefirst device's movement at the second device and a temporary secret.Once the first device determines that the first device's movementrecorded at the second device matches the first device's movementrecorded at the first device, the first device may use the temporarysecret to encrypt further communication with the second device.

FIG. 1 illustrates an example system employing NFC, which may bevulnerable to an attack, arranged in accordance with at least someembodiments described herein.

As shown in a diagram 100, a mobile device 102 and a stationary device104 possessing a single antenna 106 may be transmitting and receivingNFC signals 108 in mutual exchange. A third party device 110 may use ahigh gain antenna 112 or a high power transmitter that can transmit andreceive signals at a greater distance, to intercept (114) the NFCsignals 108 between two legitimate NFC exchange partners, stealsensitive information and inject malicious data, etc.

Securing NFC may rely on the use of encryption keys. The key exchange inan ad hoc situation may involve positive identification of the key usersin order to prevent sending sensitive information inadvertently to anattacker using the attacker's encryption key. To illustrate, a firstuser, who may have a mobile device, may wish to share sensitiveinformation with a second user, who may have a stationary device. Themobile device may send the stationary device an encryption key (publickey) and the stationary device may reciprocate. A third device, locateda relatively larger distance away with a high gain antenna or a highpower transmitter may intercept the key exchange and send a separatekey, which may be unknowingly used to transmit sensitive data. If thethird device is able to transmit the separate key to the mobile device,then the mobile device may be at risk of encoding private informationusing the third device's key. This may then give a third party access tothe first user's information.

FIG. 2 illustrates an example system for secure NFC exchange employingrelative position movement of one of the communicating devices, arrangedin accordance with at least some embodiments described herein.

As shown in a diagram 200, a mobile device 202 may securely transmit anNFC signal 208 to a stationary device 204 using a movement 220 of themobile device 202 in relation to the stationary device 204, possessingtwo or more antennae 222. During the handshake, the mobile device 202may be moved according to a predefined or random pattern by its user.The stationary device 204 may detect this movement through the variationof received signal strength at its multiple antennae 222, for example,and record.

According to the conventional NFC systems that use a single antenna, itis possible to remotely simulate a transmission. By using two or moreantennae and adding a verification layer, a receiving device may be ableto verify the identity of a transmitting device. The verification layermay expect differential signal strength at the two or more antennae 222,which may correspond to a defined spatial relationship between thetransmitting and the receiving devices.

According to an example scenario, even if two devices involved in mutualNFC exchange are closer together than a third device, the third devicemay have a more powerful transmitter that can be used to modulate thesignal. However, if at least one of the two devices use two or moreantennae, then as the first user moves his/her device, the signal may bereceived at different strengths through each antenna depending on thefirst device's spatial relationship to the two or more receivingantennae. The relative position of the first device may then beestimated at the second device based on a difference of received signalstrength through the different antennae. The antennae may havesubstantially similar or different gains, which may be taken intoaccount in the computation. While the third device may interfere bymodulating one of the exchanged signals from a distance as discussedabove, it may be difficult, if at all possible, for it to emulate such arelative position change: the stronger the signal the smaller therelative differences, and the longer the distance, the smaller theperspective. The first and second devices may, therefore, securelyidentify each other.

Based on the relative changes in signal strength received in the two ormore antennae, the second device may be able to record the firstdevice's movement in proximity to the antennae. In some examples, asimilar principle may be applied to the first device, which has oneantenna. Each of the second device's two or more antennae, in additionto receiving signals, may emit distinct signals. The distinction betweencharacteristics of the signals may be in transmitted signal power,frequency, phase, or even modulation. Depending on the first device'sposition between the two or more antennae, the characteristic of thesignal received from each one of antennae may vary. Thus, the firstdevice may record its own movement in relation to the second device.

FIG. 3 illustrates one example system for secure NFC exchange employingrelative position movement of one or both of the communicating devices,arranged in accordance with at least some embodiments described herein.

As shown in a diagram 300, a first mobile device 302 may securelytransmit an NFC signal 308 to a second mobile device 304 through amovement 320 of the first mobile device in relation to the second mobiledevice 304, possessing two or more antennae 322.

According to some embodiments, the configuration shown in the diagram300 may achieve secure NFC exchange similar to the configuration of thediagram 200 in FIG. 2. The NFC exchange in the diagram 300 may includean interaction between two mobile devices, while the configuration inthe diagram 200 may include interaction between a mobile and astationary device.

Embodiments are not limited to the examples shown above. Stationary andmobile devices using any number of antennae may achieve secure NFChandshake by employing recordation of a movement of at least one of thedevices.

FIG. 4 illustrates an example diagram of securing NFC exchange throughmovement of one of the communicating devices, arranged in accordancewith at least some embodiments described herein.

As shown in a diagram 400, a mobile device 432 possessing a singleantenna 442 and a stationary device 434 possessing two or more antennae436, 438, and/or 440 may secure NFC exchange through a movement 432 ofthe mobile device 432.

According to some examples, a method for securing NFC exchange mayhappen as follows: a first device, in close proximity to a seconddevice, may transmit a handshake signal, which includes a public key.The second device may detect the signal and emit two or more distinctsignals utilizing two or more antennae. The first device may be movedrelative to the second device according to a pattern selected by theuser of the first device, where the pattern may also be a randompattern. A movement may be recorded by both the first and seconddevices. The second device, having detected the relative movement in thespace between its two or more antennae, may be certain that the signalcame from the first device and not from a third device. The seconddevice may detect the movement of the first device through the variationof received signal strength at its multiple antennae, for example. Thesecond device may use the first device's public key to encrypt a messagethat contains the first device's movement pattern as recorded and atemporary shared secret. The first device may then compare the movementpattern sent by the second device with the movement it recorded. If thepattern matches, then the first device may also be certain that themessage was received from the second device. The third device may haveintercepted the first device's public key, but may be incapable ofrecording the first device's movement between the second device's two ormore antennae, so any pattern that the third device may send to thefirst device would not match.

The first device, that now has proof that the received message came fromthe second device, may use the second device's temporary secret toencrypt a confirmation message back to the second device. Subsequentcommunication during this session may be encrypted using the temporarysecret. Since the secret was sent from the second to the first deviceusing the first device's public key, the secret is unbeknownst to thethird device. As such, the third device may not be able to read thecontents of the first and second devices' messages or send messages tothem.

FIG. 5 illustrates a general purpose computing device, which may be usedto secure NFC exchange through movement of at least one of thecommunicating devices, arranged in accordance with at least someembodiments described herein.

For example, the computing device 500 may be used to exchange NFCsignals as described herein. In an example basic configuration 502, thecomputing device 500 may include one or more processors 504 and a systemmemory 506. A memory bus 508 may be used for communicating between theprocessor 504 and the system memory 506. The basic configuration 502 isillustrated in FIG. 5 by those components within the inner dashed line.

Depending on the desired configuration, the processor 504 may be of anytype, including but not limited to a microprocessor (μP), amicrocontroller (μC), a digital signal processor (DSP), or anycombination thereof. The processor 504 may include one more levels ofcaching, such as a level cache memory 512, a processor core 514, andregisters 516. The example processor core 514 may include an arithmeticlogic unit (ALU), a floating point unit (FPU), a digital signalprocessing core (DSP Core), or any combination thereof. An examplememory controller 518 may also be used with the processor 504, or insome implementations the memory controller 518 may be an internal partof the processor 504.

Depending on the desired configuration, the system memory 506 may be ofany type including but not limited to volatile memory (such as RAM),non-volatile memory (such as ROM, flash memory, etc.) or any combinationthereof. The system memory 506 may include an operating system 520, acommunication application 522, and program data 524. The communicationapplication 522 may include an NFC module 526 to exchange NFC signals asdescribed herein.

The computing device 500 may have additional features or functionality,and additional interfaces to facilitate communications between the basicconfiguration 502 and any desired devices and interfaces. For example, abus/interface controller 530 may be used to facilitate communicationsbetween the basic configuration 502 and one or more data storage devices532 via a storage interface bus 534. The data storage devices 532 may beone or more removable storage devices 536, one or more non-removablestorage devices 538, or a combination thereof. Examples of the removablestorage and the non-removable storage devices include magnetic diskdevices such as flexible disk drives and hard-disk drives (HDD), opticaldisk drives such as compact disk (CD) drives or digital versatile disk(DVD) drives, solid state drives (SSD), and tape drives to name a few.Example computer storage media may include volatile and nonvolatile,removable and non-removable media implemented in any method ortechnology for storage of information, such as computer readableinstructions, data structures, program modules, or other data.

The system memory 506, the removable storage devices 536 and thenon-removable storage devices 538 are examples of computer storagemedia. Computer storage media includes, but is not limited to, RAM, ROM,EEPROM, flash memory or other memory technology, CD-ROM, digitalversatile disks (DVD), solid state drives, or other optical storage,magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, or any other medium which may be used to storethe desired information and which may be accessed by the computingdevice 500. Any such computer storage media may be part of the computingdevice 500.

The computing device 500 may also include an interface bus 540 forfacilitating communication from various interface devices (e.g., one ormore output devices 542, one or more peripheral interfaces 544, and oneor more communication devices 566) to the basic configuration 502 viathe bus/interface controller 530. Some of the example output devices 542include a graphics processing unit 548 and an audio processing unit 550,which may be configured to communicate to various external devices suchas a display or speakers via one or more A/V ports 552. One or moreexample peripheral interfaces 544 may include a serial interfacecontroller 554 or a parallel interface controller 556, which may beconfigured to communicate with external devices such as input devices(e.g., keyboard, mouse, pen, voice input device, touch input device,etc.) or other peripheral devices (e.g., printer, scanner, etc.) via oneor more I/O ports 558. An example communication device 566 includes anetwork controller 560, which may be arranged to facilitatecommunications with one or more other computing devices 562 over anetwork communication link via one or more communication ports 564. Theone or more other computing devices 562 may include servers at adatacenter, customer equipment, and comparable devices.

The network communication link may be one example of a communicationmedia. Communication media may typically be embodied by computerreadable instructions, data structures, program modules, or other datain a modulated data signal, such as a carrier wave or other transportmechanism, and may include any information delivery media. A “modulateddata signal” may be a signal that has one or more of its characteristicsset or changed in such a manner as to encode information in the signal.By way of example, and not limitation, communication media may includewired media such as a wired network or direct-wired connection, andwireless media such as acoustic, radio frequency (RF), microwave,infrared (IR) and other wireless media. The term computer readable mediaas used herein may include both storage media and communication media.

The computing device 500 may be implemented as a part of a generalpurpose or specialized server, mainframe, or similar computer thatincludes any of the above functions. The computing device 500 may alsobe implemented as a computer including both laptop computer andnon-laptop computer configurations.

Example embodiments may also include methods for managing compoundcertification for assurance without revealing infrastructure. Thesemethods can be implemented in any number of ways, including thestructures described herein. One such way may be by machine operations,of devices of the type described in the present disclosure. Anotheroptional way may be for one or more of the individual operations of themethods to be performed in conjunction with one or more human operatorsperforming some of the operations while other operations may beperformed by machines. These human operators need not be collocated witheach other, but each can be with a machine that performs a portion ofthe program. In other examples, the human interaction can be automatedsuch as by pre-selected criteria that may be machine automated.

FIG. 6 is a flow diagram illustrating an example method for securing NFCexchange through movement of at least one of the communicating devicesthat may be performed by a computing device such as the computing devicein FIG. 5, arranged in accordance with at least some embodimentsdescribed herein.

Example methods may include one or more operations, functions or actionsas illustrated by one or more of blocks 622, 624, 626 and/or 628, andmay in some embodiments be performed by a computing device such as thecomputing device 500 in FIG. 5. The operations described in the blocks622-628 may also be stored as computer-executable instructions in acomputer-readable medium such as a computer-readable medium 620 of acomputing device 610.

An example process for securing NCF exchange may begin with block 622,“TRANSMIT INITIAL HANDSHAKE FROM MOBILE DEVICE WHILE IT IS MOVED”, wherethe processor 504 may transmit an NFC signal 208 from the mobile device202, while the mobile device 202 is being moved relative to thestationary device 204.

Block 622 may be followed by block 624, “RECORD MOVEMENT OF MOBILEDEVICE ON BOTH DEVICES”, where the respective processors of each devicemay record the movement 220 of the mobile device 202.

Block 624 may be followed by block 626, “RECEIVE MESSAGE FROM SECONDDEVICE WITH RECORD OF MOVEMENT AND SECRET”, where the processor 504 ofthe mobile device 202 may receive a message from the stationary device204 that includes a recording of the movement 220 at the stationarydevice 204 and a temporary secret.

Block 626 may be followed by block 628, “IF MOVEMENT RECORDS MATCH,CONTINUE COMMUNICATION ENCRYPTING COMMUNICATION WITH RECEIVED SECRET”,where the processor 504 of the mobile device 202 may determine whetherthe mobile device's movement recorded at the stationary device 204matches the mobile device's movement recorded at the mobile device 202.If the processor 504 of the mobile device 202 determines that the mobiledevice's movement recorded at the stationary device 204 matches themobile device's movement recorded at the mobile device 202, then theprocessor 504 of the mobile device 202 may use the received temporarysecret to encrypt further communication with the stationary device 204.

FIG. 7 illustrates a block diagram of an example computer programproduct, all arranged in accordance with at least some embodimentsdescribed herein.

In some examples, as shown in FIG. 7, the computer program product 700may include a signal bearing medium 702 that may also include one ormore machine readable instructions 704 that, when executed by, forexample, a processor may provide the functionality described herein.Thus, for example, referring to the processor 504 in FIG. 5, thecommunication application 522 or the NFC module 526 may undertake one ormore of the tasks shown in FIG. 7 in response to the instructions 704conveyed to the processor 504 by the medium 702 to perform actionsassociated with securing NFC exchange through movement of at least oneof the communicating devices as described herein. Some of thoseinstructions may include, for example, transmitting initial handshakefrom mobile device while it is moved, recording movement of mobiledevice on both devices, receiving message from second device with recordof movement and secret, and if movement records match, continuingcommunication encrypting communication with received secret, accordingto some embodiments described herein.

In some implementations, the signal bearing medium 702 depicted in FIG.8 may encompass a computer-readable medium 706, such as, but not limitedto, a hard disk drive, a solid state drive, a Compact Disc (CD), aDigital Versatile Disk (DVD), a digital tape, memory, etc. In someimplementations, the signal bearing medium 702 may encompass arecordable medium 708, such as, but not limited to, memory, read/write(R/W) CDs, R/W DVDs, etc. In some implementations, the signal bearingmedium 702 may encompass a communications medium 710, such as, but notlimited to, a digital and/or an analog communication medium (e.g., afiber optic cable, a waveguide, a wired communications link, a wirelesscommunication link, etc.). Thus, for example, the program product 700may be conveyed to one or more modules of the processor 704 by an RFsignal bearing medium, where the signal bearing medium 702 is conveyedby the wireless communications medium 710 (e.g., a wirelesscommunications medium conforming with the IEEE 802.11 standard).

According to some examples, a method is described for providing a securenear field communication (NFC) handshake. The method may include a firstdevice transmitting an initial NFC handshake signal, while the firstdevice is being moved relative to a second device. The method may alsoinclude the first device recording a movement of the first device andreceiving a message from the second device that includes a recording ofthe movement at the second device and a temporary secret. The method mayfurther include the first device receiving the temporary secret toencrypt further communication with the second device if the movementrecorded at the second device matches the movement recorded at the firstdevice.

According to other examples, recording the movement of the first devicemay employ an accelerometer integrated into the device and may be basedon two or more distinct signals transmitted from respective two or moreantennae of the second device. The signal strength of each distinctsignal at the first device may be determined and a public encryption keymay be transmitted with the initial handshake signal, where the messagefrom the second device is encrypted with the public encryption key.

According to further examples, the movement of the first device may beaccording to a random pattern and the temporary secret may be used for asingle NFC session. The movement of the first device may also beaccording to a predefined pattern and the temporary secret may be usedfor multiple NFC sessions. The first device may be a mobile device andthe second device may be a stationary device; the first device and thesecond device may both be mobile devices; or the first device may be asmartphone, a tablet computer, a laptop computer, a mobile computer, ahandheld computer, or a wearable computer.

According to some embodiments, a method is described for providing asecure near field communication (NFC) handshake. The method may includea second device receiving an initial NFC handshake signal from a firstdevice while the first device is being moved relative to the seconddevice. The method may also include the second device recording amovement of the first device and transmitting a message that includes arecording of the movement at the second device and a temporary secret.The method may further include the second device receiving further NFCcommunication from the first device encrypted with the temporary secretif the movement recorded at the second device matches the movementrecorded at the first device.

According to other embodiments, detecting the movement of the firstdevice at the second device may be based on detecting a signal strengthreceived at two or more antennae of the second device and transmittingthe message may employ two or more distinct signals from respective twoor more antennae of the second device. The movement of the first devicemay be according to a random pattern and the temporary secret may beused for a single NFC session. The movement of the first device may alsobe according to a predefined pattern and the temporary secret may beused for multiple NFC sessions. The first device may be a mobile deviceand the second device may be a stationary device; the first device andthe second device may both be mobile devices; or the first device may bea smartphone, a tablet computer, a laptop computer, a mobile computer, ahandheld computer, or a wearable computer. The second device may be apoint of sale (POS) device.

According to further embodiments, a mobile device is described forproviding a secure near field communication (NFC) handshake. The mobiledevice may include a communication module configured to exchange NFCsignals and a processor. The processor may transmit an initial NFChandshake signal from the mobile device while the mobile device is beingmoved relative to a second device; record a movement of the mobiledevice; and/or receive a message from the second device that includes arecording of the movement at the second device and a temporary secret.If the movement recorded at the second device matches the movementrecorded at the mobile device, the processor may use the receivedtemporary secret to encrypt further communication with the seconddevice.

According to yet further embodiments, the processor may record themovement of the mobile device by employing an accelerometer integratedinto the mobile device, based on two or more distinct signalstransmitted from respective two or more antennae of the second device;determine a signal strength of each distinct signal; and/or transmit apublic encryption key with the initial handshake signal, where themessage from the second device is encrypted with the public encryptionkey. The movement of the mobile device may be according to a randompattern and the temporary secret may be used for a single NFC session.The movement of the mobile device may also be according to a predefinedpattern and the temporary secret may be used for multiple NFC sessions.The second device may be a stationary device or a mobile device, and themobile device may a smartphone, a tablet computer, a laptop computer, amobile computer, a handheld computer, or a wearable computer.

According to other embodiments, a stationary device is described forproviding a secure near field communication (NFC) handshake. Thestationary device may include a communication module configured toexchange NFC signals, two or more antennae, and a processor. Theprocessor may receive an initial NFC handshake signal from a mobiledevice while the mobile device is being moved relative to the stationarydevice; record a movement of the mobile device at the stationary device;and/or transmit a message from the stationary device that includes arecording of the movement at the stationary device and a temporarysecret. If the movement recorded at the stationary device matches themovement recorded at the mobile device, the processor may receivefurther NFC communication from the mobile device encrypted with thetemporary secret.

According to other examples, the processor may further detect themovement of the mobile device at the stationary device based ondetecting a signal strength received at the two or more antennae of thestationary device, and transmit the message employing two or moredistinct signals from respective two or more antennas of the stationarydevice. The movement of the mobile device may be according to a randompattern and the temporary secret may be used for a single NFC session.The movement of the mobile device may also be according to a predefinedpattern and the temporary secret may be used for multiple NFC sessions.The mobile device may be a smartphone, a tablet computer, a laptopcomputer, a mobile computer, a handheld computer, or a wearablecomputer. The stationary device may be a point of sale (POS) deviceand/or may include three or more antennae.

According to further examples, a computer readable storage medium withinstructions stored thereon, which when executed on one or morecomputing devices may execute a method for providing secure Near FieldCommunication (NFC) exchange. The method may be similar to the methoddescribed above.

There is little distinction left between hardware and softwareimplementations of aspects of systems; the use of hardware or softwareis generally (but not always, in that in certain contexts the choicebetween hardware and software may become significant) a design choicerepresenting cost vs. efficiency tradeoffs. There are various vehiclesby which processes and/or systems and/or other technologies describedherein may be effected (e.g., hardware, software, and/or firmware), andthat the preferred vehicle will vary with the context in which theprocesses and/or systems and/or other technologies are deployed. Forexample, if an implementer determines that speed and accuracy areparamount, the implementer may opt for a mainly hardware and/or firmwarevehicle; if flexibility is paramount, the implementer may opt for amainly software implementation; or, yet again alternatively, theimplementer may opt for some combination of hardware, software, and/orfirmware.

The foregoing detailed description has set forth various embodiments ofthe devices and/or processes via the use of block diagrams, flowcharts,and/or examples. Insofar as such block diagrams, flowcharts, and/orexamples contain one or more functions and/or operations, it will beunderstood by those within the art that each function and/or operationwithin such block diagrams, flowcharts, or examples may be implemented,individually and/or collectively, by a wide range of hardware, software,firmware, or virtually any combination thereof. In one embodiment,several portions of the subject matter described herein may beimplemented via Application Specific Integrated Circuits (ASICs), FieldProgrammable Gate Arrays (FPGAs), digital signal processors (DSPs), orother integrated formats. However, those skilled in the art willrecognize that some aspects of the embodiments disclosed herein, inwhole or in part, may be equivalently implemented in integratedcircuits, as one or more computer programs running on one or morecomputers (e.g., as one or more programs running on one or more computersystems), as one or more programs running on one or more processors(e.g., as one or more programs running on one or more microprocessors),as firmware, or as virtually any combination thereof, and that designingthe circuitry and/or writing the code for the software and or firmwarewould be well within the skill of one of skill in the art in light ofthis disclosure.

The present disclosure is not to be limited in terms of the particularembodiments described in this application, which are intended asillustrations of various aspects. Many modifications and variations canbe made without departing from its spirit and scope, as will be apparentto those skilled in the art. Functionally equivalent methods andapparatuses within the scope of the disclosure, in addition to thoseenumerated herein, will be apparent to those skilled in the art from theforegoing descriptions. Such modifications and variations are intendedto fall within the scope of the appended claims. The present disclosureis to be limited only by the terms of the appended claims, along withthe full scope of equivalents to which such claims are entitled. It isto be understood that this disclosure is not limited to particularmethods, reagents, compounds compositions or biological systems, whichcan, of course, vary. It is also to be understood that the terminologyused herein is for the purpose of describing particular embodimentsonly, and is not intended to be limiting.

In addition, those skilled in the art will appreciate that themechanisms of the subject matter described herein are capable of beingdistributed as a program product in a variety of forms, and that anillustrative embodiment of the subject matter described herein appliesregardless of the particular type of signal bearing medium used toactually carry out the distribution. Examples of a signal bearing mediuminclude, but are not limited to, the following: a recordable type mediumsuch as a floppy disk, a hard disk drive, a Compact Disc (CD), a DigitalVersatile Disk (DVD), a digital tape, a computer memory, a solid statedrive, etc.; and a transmission type medium such as a digital and/or ananalog communication medium (e.g., a fiber optic cable, a waveguide, awired communications link, a wireless communication link, etc.).

Those skilled in the art will recognize that it is common within the artto describe devices and/or processes in the fashion set forth herein,and thereafter use engineering practices to integrate such describeddevices and/or processes into data processing systems. That is, at leasta portion of the devices and/or processes described herein may beintegrated into a data processing system via a reasonable amount ofexperimentation. Those having skill in the art will recognize that atypical data processing system generally includes one or more of asystem unit housing, a video display device, a memory such as volatileand non-volatile memory, processors such as microprocessors and digitalsignal processors, computational entities such as operating systems,drivers, graphical user interfaces, and applications programs, one ormore interaction devices, such as a touch pad or screen, and/or controlsystems including feedback loops and control motors (e.g., feedback forsensing position and/or velocity of gantry systems; control motors formoving and/or adjusting components and/or quantities).

A typical data processing system may be implemented utilizing anysuitable commercially available components, such as those typicallyfound in data computing/communication and/or networkcomputing/communication systems. The herein described subject mattersometimes illustrates different components contained within, orconnected with, different other components. It is to be understood thatsuch depicted architectures are merely exemplary, and that in fact manyother architectures may be implemented which achieve the samefunctionality. In a conceptual sense, any arrangement of components toachieve the same functionality is effectively “associated” such that thedesired functionality is achieved. Hence, any two components hereincombined to achieve a particular functionality may be seen as“associated with” each other such that the desired functionality isachieved, irrespective of architectures or intermediate components.Likewise, any two components so associated may also be viewed as being“operably connected”, or “operably coupled”, to each other to achievethe desired functionality, and any two components capable of being soassociated may also be viewed as being “operably couplable”, to eachother to achieve the desired functionality. Specific examples ofoperably couplable include but are not limited to physically connectableand/or physically interacting components and/or wirelessly interactableand/or wirelessly interacting components and/or logically interactingand/or logically interactable components.

With respect to the use of substantially any plural and/or singularterms herein, those having skill in the art can translate from theplural to the singular and/or from the singular to the plural as isappropriate to the context and/or application. The varioussingular/plural permutations may be expressly set forth herein for sakeof clarity.

It will be understood by those within the art that, in general, termsused herein, and especially in the appended claims (e.g., bodies of theappended claims) are generally intended as “open” terms (e.g., the term“including” should be interpreted as “including but not limited to,” theterm “having” should be interpreted as “having at least,” the term“includes” should be interpreted as “includes but is not limited to,”etc.). It will be further understood by those within the art that if aspecific number of an introduced claim recitation is intended, such anintent will be explicitly recited in the claim, and in the absence ofsuch recitation no such intent is present. For example, as an aid tounderstanding, the following appended claims may contain usage of theintroductory phrases “at least one” and “one or more” to introduce claimrecitations. However, the use of such phrases should not be construed toimply that the introduction of a claim recitation by the indefinitearticles “a” or “an” limits any particular claim containing suchintroduced claim recitation to embodiments containing only one suchrecitation, even when the same claim includes the introductory phrases“one or more” or “at least one” and indefinite articles such as “a” or“an” (e.g., “a” and/or “an” should be interpreted to mean “at least one”or “one or more”); the same holds true for the use of definite articlesused to introduce claim recitations. In addition, even if a specificnumber of an introduced claim recitation is explicitly recited, thoseskilled in the art will recognize that such recitation should beinterpreted to mean at least the recited number (e.g., the barerecitation of “two recitations,” without other modifiers, means at leasttwo recitations, or two or more recitations).

Furthermore, in those instances where a convention analogous to “atleast one of A, B, and C, etc.” is used, in general such a constructionis intended in the sense one having skill in the art would understandthe convention (e.g., “a system having at least one of A, B, and C”would include but not be limited to systems that have A alone, B alone,C alone, A and B together, A and C together, B and C together, and/or A,B, and C together, etc.). It will be further understood by those withinthe art that virtually any disjunctive word and/or phrase presenting twoor more alternative terms, whether in the description, claims, ordrawings, should be understood to contemplate the possibilities ofincluding one of the terms, either of the terms, or both terms. Forexample, the phrase “A or B” will be understood to include thepossibilities of “A” or “B” or “A and B.”

In addition, where features or aspects of the disclosure are describedin terms of Markush groups, those skilled in the art will recognize thatthe disclosure is also thereby described in terms of any individualmember or subgroup of members of the Markush group.

As will be understood by one skilled in the art, for any and allpurposes, such as in terms of providing a written description, allranges disclosed herein also encompass any and all possible subrangesand combinations of subranges thereof. Any listed range can be easilyrecognized as sufficiently describing and enabling the same range beingbroken down into at least equal halves, thirds, quarters, fifths,tenths, etc. As a non-limiting example, each range discussed herein canbe readily broken down into a lower third, middle third and upper third,etc. As will also be understood by one skilled in the art all languagesuch as “up to,” “at least,” “greater than,” “less than,” and the likeinclude the number recited and refer to ranges which can be subsequentlybroken down into subranges as discussed above. Finally, as will beunderstood by one skilled in the art, a range includes each individualmember. Thus, for example, a group having 1-3 cells refers to groupshaving 1, 2, or 3 cells. Similarly, a group having 1-5 cells refers togroups having 1, 2, 3, 4, or 5 cells, and so forth.

While various aspects and embodiments have been disclosed herein, otheraspects and embodiments will be apparent to those skilled in the art.The various aspects and embodiments disclosed herein are for purposes ofillustration and are not intended to be limiting, with the true scopeand spirit being indicated by the following claims.

1. A method for providing secure Near Field Communication (NFC)exchange, the method comprising: transmitting, by a first device, aninitial NFC handshake signal while the first device is being movedrelative to a second device, wherein a movement of the first device isaccording to one of: a random pattern and a predefined pattern;recording, by the first device, a movement of the first device based ontwo or more distinct signals transmitted from two or more antennas ofthe second device; receiving, by the first device, a message from thesecond device that includes a recording of the movement at the seconddevice and the temporary secret; and upon a determination that themovement recorded at the second device matches the movement recorded atthe first device, using, by the first device, a received temporarysecret to encrypt further communication with the second device.
 2. Themethod of claim 1, further comprising recording the movement of thefirst device employing an accelerometer integrated into the firstdevice.
 3. (canceled)
 4. The method of claim 1, further comprisingdetermining a signal strength of each distinct signal at the firstdevice.
 5. The method of claim 1, further comprising transmitting apublic encryption key with the initial handshake signal, wherein themessage from the second device is encrypted with the public encryptionkey.
 6. The method of claim 1, wherein the temporary secret is used fora single NFC session.
 7. The method of claim 1, wherein the temporarysecret is used for multiple NFC sessions.
 8. The method of claim 1,wherein the first device is a mobile device and the second device is astationary device.
 9. The method of claim 1, wherein the first deviceand the second device are mobile devices.
 10. The method of claim 1,wherein the first device is one of a smartphone, a tablet computer, alaptop computer, a mobile computer, a handheld computer, or a wearablecomputer.
 11. A method for providing secure Near Field Communication(NFC) exchange, the method comprising: receiving, by a second device, aninitial NFC handshake signal from a first device while the first deviceis being moved relative to the second device, wherein a movement of thefirst device is according to one of: a random pattern and a predefinedpattern; recording, by the second device, a movement of the firstdevice; transmitting, by the second device, a message that includes arecording of the movement at the second device and a temporary secret;upon determination that the movement recorded at the second devicematches the movement recorded at the first device, receiving further NFCcommunication from the first device encrypted with the temporary secret;detecting the movement of the first device at the second device based ondetecting a signal strength received at two or more antennas of thesecond device; and transmitting the message employing two or moredistinct signals from two or more antennas of the second device. 12.(canceled)
 13. (canceled)
 14. (canceled)
 15. (canceled)
 16. The methodof claim 11, wherein the first device is a mobile device and the seconddevice is a stationary device.
 17. The method of claim 11, wherein thefirst device and the second device are mobile devices.
 18. (canceled)19. The method of claim 11, wherein the second device is a point of sale(POS) device.
 20. A mobile device for providing secure Near FieldCommunication (NFC) exchange, the mobile device comprising: acommunication module configured to exchange NFC signals; and a processorconfigured to: transmit an initial NFC handshake signal from the mobiledevice while the mobile device is being moved relative to a seconddevice, wherein a movement of the mobile device is according to one of:a random pattern and a predefined pattern; record a movement of themobile device; receive a message from the second device that includes arecording of the movement at the second device and a temporary secret;upon determination that the movement recorded at the second devicematches the movement recorded at the mobile device, use a receivedtemporary secret to encrypt further communication with the seconddevice; and record the movement of the mobile device based on two ormore distinct signals transmitted from respective two or more antennasof the second device.
 21. The mobile device of claim 20, wherein theprocessor is further configured to record the movement of the mobiledevice employing an accelerometer integrated into the mobile device. 22.(canceled)
 23. The mobile device of claim 20, wherein the processor isfurther configured to determine a signal strength of each distinctsignal.
 24. The mobile device of claim 20, wherein the processor isfurther configured to transmit a public encryption key with the initialhandshake signal, wherein the message from the second device isencrypted with the public encryption key.
 25. The mobile device of claim20, wherein the temporary secret is used for a single NFC session. 26.The mobile device of claim 20, wherein the temporary secret is used formultiple NFC sessions.
 27. The mobile device of claim 20, wherein thesecond device is a stationary device.
 28. The mobile device of claim 20,wherein the second device is a mobile device.
 29. The mobile device ofclaim 20, wherein the mobile device is one of a smartphone, a tabletcomputer, a laptop computer, a mobile computer, a handheld computer, ora wearable computer.
 30. A stationary device for providing secure NearField Communication (NFC) exchange, the stationary device comprising: acommunication module configured to exchange NFC signals; two or moreantennas; and a processor configured to: receive an initial NFChandshake signal from a mobile device while the mobile device is beingmoved relative to the stationary device, wherein a movement of themobile device is according to one of: a random pattern and a predefinedpattern; detect the movement of the mobile device at the stationarydevice based on a signal strength received at two or more antennas ofthe stationary device; record a movement of the mobile device at thestationary device; transmit a message from the stationary device thatincludes a recording of the movement at the stationary device and atemporary secret employing two or more distinct signals from the two ormore antennas of the stationary device; and upon determination that themovement recorded at the stationary device matches the movement recordedat the mobile device, receive further NFC communication from the mobiledevice encrypted with the temporary secret.
 31. (canceled) 32.(canceled)
 33. The stationary device of claim 30, wherein the temporarysecret is used for a single NFC session.
 34. The stationary device ofclaim 30, wherein the temporary secret is used for multiple NFCsessions.
 35. (canceled)
 36. The stationary device of claim 30, whereinthe stationary device is a point of sale (POS) device.
 37. Thestationary device of claim 30, wherein the stationary device includesthree or more antennas.
 38. (canceled)